

Commit d0d6632

committed
Initial support for automatically working around pages whose content changes on every refresh
(Major refactor to the comparison algorithm (True/False response))
1 parent 3fe493b commit d0d6632

6 files changed

Lines changed: 85 additions & 12 deletions


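--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -294,16 +294,63 @@ def checkStability():
     infoMsg = "testing if the url is stable, wait a few seconds"
     logger.info(infoMsg)
 
-    firstResult = Request.queryPage()
+    firstPage, firstHeaders = Request.queryPage(content=True)
     time.sleep(0.5)
 
-    secondResult = Request.queryPage()
+    secondPage, secondHeaders = Request.queryPage(content=True)
     time.sleep(0.5)
 
-    thirdResult = Request.queryPage()
+    thirdPage, thirdHeaders = Request.queryPage(content=True)
 
-    condition = firstResult == secondResult
-    condition &= secondResult == thirdResult
+    condition = firstPage == secondPage
+    condition &= secondPage == thirdPage
+
+    if condition == False:
+        contentLengths = []
+        requestsHeaders = ( firstHeaders, secondHeaders, thirdHeaders )
+
+        for requestHeaders in requestsHeaders:
+            requestHeaders = str(requestHeaders).lower()
+
+            clHeader = re.search("content-length:\s+([\d]+)", requestHeaders, re.I | re.M)
+
+            if clHeader and clHeader.group(1).isdigit():
+                contentLengths.append(int(clHeader.group(1)))
+
+        if contentLengths:
+            clSum = 0
+
+            for cl in contentLengths:
+                clSum += cl
+
+            clAverage = clSum / len(contentLengths)
+
+            # TODO: go ahead here with the technique to compare True/False
+            # based upon clAverage discard (conf.contentLengths)
+
+        counter = 0
+        firstLines = firstPage.split("\n")
+        secondLines = secondPage.split("\n")
+        thirdLines = thirdPage.split("\n")
+
+        for firstLine in firstLines:
+            if counter > len(secondLines) or counter > len(thirdLines):
+                break
+
+            if firstLine in secondLines and firstLine in thirdLines:
+                conf.equalLines.append(firstLine)
+
+            counter += 1
+
+        if conf.equalLines:
+            warnMsg = "url is not stable, sqlmap inspected the page "
+            warnMsg += "content and identified a stable lines subset "
+            warnMsg += "to be used in the comparison algorithm"
+            logger.warn(warnMsg)
+
+            kb.defaultResult = True
+
+            return True
 
     return condition
 
@@ -325,7 +372,7 @@ def checkString():
     infoMsg += "target URL page content"
     logger.info(infoMsg)
 
-    page = Request.queryPage(content=True)
+    page, _ = Request.queryPage(content=True)
 
     if conf.string in page:
         setString()
@@ -356,7 +403,7 @@ def checkRegexp():
     infoMsg += "the target URL page content"
     logger.info(infoMsg)
 
-    page = Request.queryPage(content=True)
+    page, _ = Request.queryPage(content=True)
 
     if re.search(conf.regexp, page, re.I | re.M):
         setRegexp()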
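Review bot: The stable-lines loop in checkStability appends every line of firstPage that also appears in the other two pages, so duplicates — in particular empty lines and repeated markup such as `<br>` — are added once per occurrence and can dominate conf.equalLines; since comparison() later scores a page by how many equalLines entries are present in it, a list made mostly of blank lines makes almost any response score as True, which turns the blind True/False oracle into a source of false positives. Skip empty lines and duplicates at the append site, e.g. `if firstLine.strip() and firstLine not in conf.equalLines and firstLine in secondLines and firstLine in thirdLines:`. The `counter > len(secondLines) or counter > len(thirdLines)` break is also dead weight: counter indexes firstLines while membership is tested with `in`, so it only truncates the scan of a longer first page without any correctness benefit and can be dropped along with `counter`. Note too that conf.equalLines is appended to rather than reset at the top of the function, so a second call would accumulate entries from the previous run, and clAverage is computed and then unused pending the TODO.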

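--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -570,8 +570,10 @@ def __setConfAttributes():
     logger.debug(debugMsg)
 
     conf.cj = None
+    conf.contentLengths = []
     conf.dbmsHandler = None
     conf.dumpPath = None
+    conf.equalLines = []
     conf.httpHeaders = []
     conf.hostname = None
     conf.loggedToOut = None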

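--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -68,5 +68,29 @@ def comparison(page, headers=None, content=False):
         return False
 
     # By default it returns the page content MD5 hash
-    else:
+    if not conf.equalLines and not conf.contentLengths:
         return md5.new(page).hexdigest()
+
+    # TODO: ahead here
+    elif conf.equalLines:
+        counter = 0
+        trueLines = 0
+        pageLines = page.split("\n")
+
+        for commonLine in conf.equalLines:
+            if counter >= len(pageLines):
+                break
+
+            if commonLine in pageLines:
+                trueLines += 1
+
+            counter += 1
+
+        # TODO: just debug prints
+        print "trueLines:", trueLines, "len(conf.equalLines):", len(conf.equalLines)
+        print "result:", ( trueLines * 100 ) / len(conf.equalLines)
+
+        if ( trueLines * 100 ) / len(conf.equalLines) >= 98:
+            return True
+        else:
+            return False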
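Review bot: The `if counter >= len(pageLines): break` in the equalLines branch stops scoring after as many entries as the response has lines, yet the ratio is still divided by the full len(conf.equalLines); a response shorter than the stable subset is therefore scored below its real overlap and can be reported False purely because of its line count, which skews the True/False oracle. Membership with `in` on a list is also O(n) per entry, and the two debug `print` statements write to stdout in the middle of the comparison path. The branch reduces to `pageLines = set(page.split("\n"))`, `trueLines = sum(1 for line in conf.equalLines if line in pageLines)` and `return ( trueLines * 100 ) / len(conf.equalLines) >= 98`, with the prints turned into logger.debug calls or removed. The function also falls off the end and returns None when conf.contentLengths is non-empty but conf.equalLines is empty; that path is unreachable in this commit because contentLengths is never populated, but it deserves an explicit return until the TODO is done. The start of comparison() is outside the hunk.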

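--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -269,7 +269,7 @@ def queryPage(value=None, place=None, content=False):
         page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua)
 
         if content:
-            return page
+            return page, headers
         elif page and headers:
             return comparison(page, headers, content)
         else: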
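Review bot: queryPage now returns a `(page, headers)` tuple when content=True but a comparison result otherwise, and nothing in the signature or a docstring records the two return shapes; a caller that still does `page = Request.queryPage(..., content=True)` will silently receive a tuple, so `conf.string in page` or `re.search(conf.regexp, page, ...)` would then either test tuple membership or raise at runtime. This commit updates the callers visible in checks.py, inject.py and union/use.py; any other content=True caller elsewhere in the tree (not visible here) would need the same unpacking, so it is worth grepping before merge. Add a docstring stating the contract, e.g. `"""Request the page; returns (page, headers) when content is True, otherwise the comparison() result."""`. queryPage starts and ends outside the hunk.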

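--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -340,6 +340,6 @@ def goStacked(expression):
     query = agent.prefixQuery("; %s" % expression)
     query = agent.postfixQuery("%s;%s" % (query, comment))
     payload = agent.payload(newValue=query)
-    page = Request.queryPage(payload, content=True)
+    page, _ = Request.queryPage(payload, content=True)
 
     return payload, page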

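--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -81,7 +81,7 @@ def __unionPosition(expression, negative=False):
     payload = agent.payload(newValue=query, negative=negative)
 
     # Perform the request
-    resultPage = Request.queryPage(payload, content=True)
+    resultPage, _ = Request.queryPage(payload, content=True)
     reqCount += 1
 
     # We have to assure that the randQuery value is not within the
@@ -280,7 +280,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False):
     logger.info(infoMsg)
 
     # Perform the request
-    resultPage = Request.queryPage(payload, content=True)
+    resultPage, _ = Request.queryPage(payload, content=True)
     reqCount += 1
 
     if temp.start not in resultPage or temp.stop not in resultPage: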
